Thu. Apr 22, 2021

Weekly Update 240

Troy Hunt

Lots of bits and pieces this week, most of which is self-explanatory based on the references below. One thing to add though is the outcome of the ClearVoice Surveys breach I live-tweeted during the stream: someone from there did indeed get in touch with me. We spoke on the phone, they confirmed the legitimacy of the breach and acknowledged they'd seen it posted to a hacking forum where it's now spreading broadly.

Firewall 232

On North Korea’s Cyberattack Capabilities

Schneier on Security

Excellent New Yorker article on North Korea’s offensive cyber capabilities.

Parrot OS Security edition is a Linux desktop distribution geared for security admins

Tech Republic Security

Security professionals would be well-served with this Linux distribution that offers a wide range of penetration and vulnerability testing tools.

Navigating Cybersecurity Gaps in Uncertain Times

Security Boulevard

If cybersecurity leaders and teams think this year will be quieter and easier than 2020, they are mistaken. The remote work trend launched by COVID-19 is morphing into a new hybrid environment that has some employees working at home full time, others at corporate facilities and many working at either location depending on the day. The post Navigating Cybersecurity Gaps in Uncertain Times appeared first on Security Boulevard.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The boom in collaboration software creates extra security risks

Tech Republic Security

While the software solutions have made it easier to work from home, they've also made it easier to launch malware.

Software 211

How to keep your Android device immune to malicious vaccine themed apps

Hot for Security

The bad news. Attackers are exploiting the COVID-19 vaccine apps to deploy malware to Android devices. Since the outburst of the pandemic, they haven’t missed any opportunity to spread malware via Covid19-themed emails, apps, websites and social media. But now, Bitdefender researchers have found multiple apps taking advantage of mobile users looking for information about the vaccines or seeking an appointment to get the jab.

Adware 145

HackerOne Brings Hackers Into Cybersecurity Workflows

Security Boulevard

HackerOne announced today that the portfolio of tools it makes available to white hat hackers now includes a video capture capability that makes it easier to demonstrate how a vulnerability might be exploited. At the same time, the HackerOne platform is making it simpler for cybersecurity teams to directly ingest and incorporate vulnerability.

Attackers can hide 'external sender' email warnings with HTML and CSS

Bleeping Computer

The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. Turns out, all it takes for attackers to alter the "external sender" warning, or remove it altogether from emails, is just a few lines of HTML and CSS code.

Cyber Threats: The Financial System’s Top Risk

CyberSecurity Insiders

With cyber attacks against financial and banking institutions now a daily occurrence, cyber threats have become the biggest risk to the global financial system, according to Federal Reserve Chairman Jerome Powell. During an interview on CBS News’ 60 Minutes, Powell said cyber risks surpass even the types of lending and liquidity risks that led to the Great Recession in 2008.

AirDrop flaws could leak phone numbers, email addresses

We Live Security

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says. The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

84% of Codebases Contain Open Source Vulnerabilities

Security Boulevard

A new report from Synopsys examined audit data from 1,500+ commercial codebases to examine how organizations are using open source code. The past year with the COVID pandemic saw a significant increase from last year's report, with the number of open source vulnerabilities in codebases increasing from 75% to 84%. The post 84% of Codebases Contain Open Source Vulnerabilities appeared first on K2io.

The Emotet Shutdown Explained

Digital Shadows

Covered in our previous article on Emotet’s Disruption, Emotet has been seized by law enforcement. Authorities that managed to seize. The post The Emotet Shutdown Explained first appeared on Digital Shadows.

Are your Zoom meetings secure? More collaboration means more vulnerabilities

Tech Republic Security

While apps like Zoom, Slack, Teams and others are great for working from anywhere, they also create a larger attack surface.

Britain a Cyber Power and a Big Animal in Digital World

CyberSecurity Insiders

As per the perspective of UK’s intelligence chief Jeremy Fleming, Britain seems to be a Cyber Power and its adversaries such as China and Russia are busy disrupting the future technologies of the country. Britain has emerged as a big animal in the digital world and needs to develop its sovereign capabilities in areas such as quantum computing on an urgent note.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

IoT Security & Threat Modeling

Adam Shostack

There’s a new report out from the UK Government, The UK Code of Practice for Consumer IoT Security. One of the elements I want to draw attention to is: The use of IoT devices by perpetrators of domestic abuse is a pressing and deeply concerning problem that is largely hidden from view. Collecting data (and therefore evidence) on this is challenging for a number of reasons outlined in this section by Leonie Tanczer.

IoT 100

It’s Easy to Become a Cyberattack Target, but a VPN Can Help

Threatpost

You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list.

VPN 122

Trend Micro flaw actively exploited in the wild

Security Affairs

Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions once again are used as attack vectors by threat actors, this time cybersecurity company Trend Micro revealed that attackers are actively exploiting a vulnerability, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems.

Antivirus 121

Vendors are getting better at spotting malicious execution techniques

SC Magazine

Mitre Engenuity – The Mitre Corporation’s tech foundation for public good – released the results of its independent evaluation of 29 vendors to see how their products were able to detect and in some cases block known Mitre ATT&CK techniques. Check Point Software Solutions had the most detections: 330 across 174 substeps. (Check Point Software).

Software 120

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How to keep your Android device immune to malicious coronavirus vaccine themed apps

Hot for Security

The bad news. Attackers are exploiting the COVID-19 vaccine apps to deploy malware to Android devices. Since the outburst of the pandemic, they haven’t missed any opportunity to spread malware via Covid19-themed emails, apps, websites and social media. But now, Bitdefender researchers have found multiple apps taking advantage of mobile users looking for information about the vaccines or seeking an appointment to get the jab.

Adware 119

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

The Hacker News

Adversaries are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems.

Malware 119

What is a VPN and How Does it Work?

Identity IQ

If you want to help secure your digital identity, a virtual private network (VPN) is a great tool you can use for added online privacy. In this guide, we discuss VPNs in detail, including how they work, how they protect you and why you should use one when browsing the web. What is a VPN? How does a VPN Work? What is Encryption? What is an IP Address?

VPN 119

Privacy and security in the software designing

Security Affairs

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can also be exploited to launch increasingly sophisticated and growing computer attacks, it’s necessary to guarantee the protection parameters of computer security in terms of integrity, confidentiality and auth

Software 119

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Received an unexpected request to “confirm your Twitter account”?

Graham Cluley

Did you receive an email claiming to come from Twitter that asked you to confirm your account? Don't panic - it wasn't a phishing attack. Twitter goofed up.

Pareto Botnet, million infected Android devices conduct fraud in the CTV ad ecosystem

Security Affairs

Researchers from Human Security have uncovered a huge botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem. Security researchers at Human Security (formerly White Ops) discovered a massive Android botnet, dubbed Pareto, used to conduct fraud in the Connected TV (CTV) advertising ecosystem. The Pareto botnet is composed of nearly a million infected mobile Android devices, it was used to emulate the activity of millions of people watching ads on smart TV

Mobile 118

Microservices Testing: A Quick Start Guide

Security Boulevard

What is Microservices Testing? A microservices architecture creates an application as a collection of services. Each microservice works independently and uses application programming interfaces (APIs) to communicate with other services. Each microservice has its own data store and is deployed independently. The post Microservices Testing: A Quick Start Guide appeared first on Security Boulevard.

Botnet backdoors Microsoft Exchange servers, mines cryptocurrency

Bleeping Computer

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Blocking Bots: Why We Need Advanced WAF?

Security Boulevard

With everyone living online these days, web traffic to the online channels is on the upsurge. However, if you delve into the traffic, you’ll see that most of the traffic. The post Blocking Bots: Why We Need Advanced WAF? appeared first on Indusface. The post Blocking Bots: Why We Need Advanced WAF? appeared first on Security Boulevard.

DDOS 110

QNAP data storage devices hit by a massive ransomware campaign

CyberSecurity Insiders

To all those who are using QNAP storage devices for backup or file sharing purposes, here’s an alert that needs your attention. For the past few days, a ransomware dubbed Qlocker has been targeting the said NAS devices on a network and blocking their access to users. It is learnt that the massive file encrypting malware campaign started on April 19th, 2021 when victims took help of the technology forums to know more about the ransomware.

REvil ransomware – what you need to know

The State of Security

Learn more about the notorious REvil ransomware in my article on the Tripwire State of Security blog.

REvil Ransomware Group Threatens to Leak Apple’s New 2021 MacBook Designs, Demands $50 Million to Delete Files

Hot for Security

An infamous group of ransomware operators is pressuring Apple supplier Quanta Computer to pay $50 million to keep stolen MacBook designs under wraps, following a successful breach of its servers. Earlier this week, news broke out that REvil, also known as Sodinokibi, had breached Quanta Computer and infected it with ransomware, but not before stealing proprietary hardware designs and specifications allegedly pertaining to Apple’s new MacBook line.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.